2024-04-11_b55745a8c8e032cbb4ef3b22158bc49a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_b55745a8c8e032cbb4ef3b22158bc49a_mafia
Size

946KB
MD5

b55745a8c8e032cbb4ef3b22158bc49a
SHA1

98eae2f33ea4ae73424aa9a0ad411539ba9f7205
SHA256

7577478024f25238ccaae8dfe08902085f1aa63abbf59b0a133cb9713500d45b
SHA512

306299ee3c9511329226783aff9770588b9304170ab18d2703a105bb0fb4716c5b2c3fcbfbb7817e877bf054dfdee3037eec5b35d229693a793e33094b68031d
SSDEEP

24576:QkOIrAkafqgzTu1m6H4TUEWOXNfFMkG7Wv/rTT2Zc3ceM7:9O/qHEWOXN9Dv/rTT2Z/eM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-11_b55745a8c8e032cbb4ef3b22158bc49a_mafia

Files

2024-04-11_b55745a8c8e032cbb4ef3b22158bc49a_mafia
.exe windows:5 windows x86 arch:x86

0fba9e052a27bcae04f96c8c01873c94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\test\Desktop\work\tightvnc-2.7.10\Release\tvnviewer.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
InitCommonControlsEx
CreateToolbarEx

winmm

timeGetTime

kernel32

HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetConsoleMode
GetConsoleCP
ReadFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
SetFilePointer
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetProcessHeap
GetOEMCP
GetFileSizeEx
Sleep
GetModuleHandleW
GetLocalTime
CompareStringW
GetACP
GetLocaleInfoW
GetStdHandle
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
ExitProcess
HeapSize
SetEnvironmentVariableA
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
SetErrorMode
GetLogicalDriveStringsW
CreateDirectoryW
SetFileTime
CreateFileW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
CloseHandle
DeleteFileW
GetCurrentThreadId
GetCurrentProcessId
FormatMessageW
WaitForSingleObject
SuspendThread
ResumeThread
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetDateFormatW
SystemTimeToFileTime
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeResource
FindResourceW
LoadResource
LockResource
FindResourceExW
SizeofResource
InterlockedExchange
GetCurrentProcess
GetModuleFileNameW
GetLastError
CreateProcessW
SetEvent
TerminateProcess
CreateEventW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCommandLineW
LoadLibraryW
GetProcAddress
LocalFree
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
HeapFree
HeapSetInformation
GetStartupInfoW
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
UnhandledExceptionFilter

user32

GetDlgItem
MessageBoxW
GetCursorPos
SetForegroundWindow
RegisterWindowMessageW
TrackPopupMenu
IsWindowVisible
CallWindowProcW
DestroyIcon
SendMessageW
GetSystemMetrics
GetWindowLongW
PostMessageW
EnableWindow
DispatchMessageW
DefWindowProcW
RegisterClassW
GetActiveWindow
GetSysColorBrush
SetWindowLongW
TranslateMessage
UnregisterClassW
GetMessageW
SetTimer
TranslateAcceleratorW
GetMonitorInfoW
SetWindowTextW
GetWindowTextW
InvalidateRect
IsWindow
CreateDialogParamW
EndDialog
SetClassLongW
LoadIconW
DialogBoxParamW
CreateWindowExW
CheckMenuItem
DestroyMenu
SetMenuDefaultItem
GetMenuItemCount
CreatePopupMenu
EnableMenuItem
InsertMenuItemW
GetMenuItemID
GetSystemMenu
SetScrollInfo
ShowScrollBar
GetClientRect
ScreenToClient
BeginPaint
EndPaint
FillRect
LoadBitmapW
GetParent
ReleaseDC
GetDC
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetKeyState
LoadAcceleratorsW
SystemParametersInfoW
SetClipboardViewer
SetClipboardData
OpenClipboard
EmptyClipboard
GetClipboardData
GetPriorityClipboardFormat
CloseClipboard
IsDialogMessageW
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
ShowWindow
SetWindowPos
DestroyWindow
SetRect
SetWindowPlacement
GetWindowRect
KillTimer
LoadCursorW
MessageBeep
CreateMenu
SetFocus
GetKeyboardLayoutNameW
GetWindowPlacement
AppendMenuW
MonitorFromWindow
GetDesktopWindow

comdlg32

GetSaveFileNameW

shell32

Shell_NotifyIconW
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ws2_32

__WSAFDIsSet
socket
bind
recv
setsockopt
shutdown
getsockname
select
closesocket
gethostbyname
ntohs
htons
htonl
ntohl
WSAGetLastError
send
listen
accept
WSAStartup
connect
WSACleanup

avifil32

AVIFileInit
AVISaveOptions
AVIStreamRelease
AVIFileExit
AVIFileOpenW
AVIFileCreateStreamW
AVIStreamSetFormat
AVIStreamWrite
AVIFileRelease
AVIMakeCompressedStream
AVISaveOptionsFree

msvfw32

ord2

shlwapi

PathFindExtensionW

gdiplus

GdipCreateBitmapFromScan0
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusStartup
GdipGetImageEncodersSize

secur32

GetUserNameExW

gdi32

SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
BitBlt
CreateDIBSection
CreateSolidBrush
SetDIBitsToDevice
GetDIBits
GetCurrentObject
StretchBlt
SetStretchBltMode
DeleteObject

advapi32

RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fba9e052a27bcae04f96c8c01873c94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

winmm

kernel32

user32

comdlg32

shell32

ws2_32

avifil32

msvfw32

shlwapi

gdiplus

secur32

gdi32

advapi32

version

Sections

.text Size: 634KB - Virtual size: 634KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 17KB - Virtual size: 26KB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 634KB - Virtual size: 634KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 17KB - Virtual size: 26KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 43KB - Virtual size: 42KB